From 0d44ce4239d61d35ec9a8ba90a04c08e01a9dc3f Mon Sep 17 00:00:00 2001
From: Florent Bruneau
Date: Sun, 27 Jul 2008 17:48:57 +0200
Subject: [PATCH] Implements a dirty version of tokenAuth in XorgSession (waiting for hruid). Remove SQL query from wiki and RSS, so they can be moved to the core lib.
Signed-off-by: Florent Bruneau
---
 classes/xnetsession.php | 26 ++++++++++++++++++++++++++
 classes/xorgsession.php | 26 ++++++++++++++++++++++++++
 core | 2 +-
 include/rss.inc.php | 20 +-------------------
 include/wiki.inc.php | 10 ++--------
 5 files changed, 56 insertions(+), 28 deletions(-)
diff --git a/classes/xnetsession.php b/classes/xnetsession.php
index 73dd844..3f9dca1 100644
--- a/classes/xnetsession.php
+++ b/classes/xnetsession.php
@@ -130,6 +130,32 @@ class XnetSession extends PlSession
 return true;
 }
 
+ public function tokenAuth($login, $token)
+ {
+ // FIXME: we broke the session here because some RSS feeds (mainly wiki feeds) require
+ // a valid nome and checks the permissions. When the PlUser object will be ready, we'll
+ // be able to return a simple 'PlUser' object here without trying to alterate the
+ // session.
+ $res = XDB::query('SELECT u.user_id AS uid, u.perms, u.nom, u.nom_usage, u.prenom, u.promo, FIND_IN_SET(\'femme\', u.flags) AS sexe
+ FROM aliases AS a
+ INNER JOIN auth_user_md5 AS u ON (a.id = u.user_id AND u.perms IN ("admin", "user"))
+ INNER JOIN auth_user_quick AS q ON (a.id = q.user_id AND q.core_rss_hash = {?})
+ WHERE a.alias = {?} AND a.type != "homonyme"', $token, $login);
+ if ($res->numRows() == 1) {
+ $sess = $res->fetchOneAssoc();
+ if (!S::has('uid')) {
+ $_SESSION = $sess;
+ $this->makePerms($sess['perms']);
+ return S::i('uid');
+ } else if (S::i('uid') == $sess['uid']) {
+ return S::i('uid');
+ } else {
+ Platal::page()->kill('Invalid state. To be fixed when hruid is ready');
+ }
+ }
+ return null;
+ }
+
 public function doSelfSuid()
 {
 if (!$this->startSUID(S::i('uid'))) {
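Review bot: tokenAuth runs the lookup with whatever `$login` and `$token` it is handed, and the rss.inc.php caller in this patch passes `Env::v('user')` and `Env::v('hash')` straight through; if `core_rss_hash` can be empty for users who never generated a feed token (not visible here), an empty `hash` parameter would match that user's row. A guard before the query, `if (empty($login) || empty($token)) { return null; }`, closes that regardless of the column's default. The matched row is also copied wholesale into `$_SESSION` and passed to `makePerms($sess['perms'])`, and the join admits `perms = "admin"`, so a feed token that leaks through a reader, proxy or access log yields a session carrying admin perms rather than a feed-only identity; the FIXME calls this transitional, but a docblock should state that the method authenticates the current session as a side effect and can end the request via `kill()`. The XorgSession hunk below contains this method verbatim, so both copies need the same change (or one implementation in the shared parent, if PlSession can host it).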
diff --git a/classes/xorgsession.php b/classes/xorgsession.php
index 1424389..48a2664 100644
--- a/classes/xorgsession.php
+++ b/classes/xorgsession.php
@@ -267,6 +267,32 @@ class XorgSession extends PlSession
 }
 }
 
+ public function tokenAuth($login, $token)
+ {
+ // FIXME: we broke the session here because some RSS feeds (mainly wiki feeds) require
+ // a valid nome and checks the permissions. When the PlUser object will be ready, we'll
+ // be able to return a simple 'PlUser' object here without trying to alterate the
+ // session.
+ $res = XDB::query('SELECT u.user_id AS uid, u.perms, u.nom, u.nom_usage, u.prenom, u.promo, FIND_IN_SET(\'femme\', u.flags) AS sexe
+ FROM aliases AS a
+ INNER JOIN auth_user_md5 AS u ON (a.id = u.user_id AND u.perms IN ("admin", "user"))
+ INNER JOIN auth_user_quick AS q ON (a.id = q.user_id AND q.core_rss_hash = {?})
+ WHERE a.alias = {?} AND a.type != "homonyme"', $token, $login);
+ if ($res->numRows() == 1) {
+ $sess = $res->fetchOneAssoc();
+ if (!S::has('uid')) {
+ $_SESSION = $sess;
+ $this->makePerms($sess['perms']);
+ return S::i('uid');
+ } else if (S::i('uid') == $sess['uid']) {
+ return S::i('uid');
+ } else {
+ Platal::page()->kill('Invalid state. To be fixed when hruid is ready');
+ }
+ }
+ return null;
+ }
+
 public function makePerms($perm)
 {
 $flags = new PlFlagSet();
diff --git a/core b/core
index 748b27d..8bdb07e 160000
--- a/core
+++ b/core
@@ -1 +1 @@
-Subproject commit 748b27d2298eb61c212765a9480b0db661577232
+Subproject commit 8bdb07ee8944d8ef3d37b733477834a64a897aa6
diff --git a/include/rss.inc.php b/include/rss.inc.php
index 3b07d78..9d38d31 100644
--- a/include/rss.inc.php
+++ b/include/rss.inc.php
@@ -19,29 +19,11 @@
 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
 ***************************************************************************/
 
-function _rss_encode_date($d) {
- if (preg_match('/^\d{14}$/', $d)) {
- $t = mktime(substr($d,8,2), substr($d,10,2), substr($d,12,2), substr($d,4,2), substr($d,6,2), substr($d,0,4));
- } else {
- $t = strtotime($d);
- }
- return date('r', $t);
-}
-
 function init_rss($template, $alias, $hash, $require_uid = true)
 {
 $page =& Platal::page();
 $page->changeTpl($template, NO_SKIN);
- $page->register_modifier('rss_date', '_rss_encode_date');
-
- $res = XDB::query(
- 'SELECT a.id
- FROM aliases AS a
- INNER JOIN auth_user_md5 AS u ON (a.id = u.user_id AND u.perms IN ("admin", "user"))
- INNER JOIN auth_user_quick AS q ON (a.id = q.user_id AND q.core_rss_hash = {?})
- WHERE a.alias = {?} AND a.type != "homonyme"', $hash, $alias);
- $uid = $res->fetchOneCell();
-
+ $uid = Platal::session()->tokenAuth($alias, $hash);
 if (empty($uid)) {
 if ($require_uid) {
 exit;
diff --git a/include/wiki.inc.php b/include/wiki.inc.php
index bba6b11..0abf171 100644
--- a/include/wiki.inc.php
+++ b/include/wiki.inc.php
@@ -122,16 +122,10 @@ function wiki_apply_feed_perms($perm)
 
 require_once 'rss.inc.php';
 $uid = init_rss(null, Env::v('user'), Env::v('hash'));
- $res = XDB::query('SELECT user_id AS uid, IF (nom_usage <> \'\', nom_usage, nom) AS nom, prenom, perms
- FROM auth_user_md5
- WHERE user_id = {?}', $uid);
- if (!$res->numRows()) {
+ if (is_null($uid)) {
 exit;
 }
- $table = $res->fetchOneAssoc();
- $_SESSION = array_merge($_SESSION, $table, array('forlife' => Env::v('user')));
- $_SESSION['perms'] =& XorgSession::make_perms($_SESSION['perms']);
- if ($perm == 'logged' || $_SESSION['perms']->hasFlag('admin')) {
+ if ($perm == 'logged' || S::has_perms()) {
 return;
 }
 exit;
-- 2.1.4
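Review bot: `init_rss` now returns whatever `Platal::session()->tokenAuth()` returns, and per the session hunks above that call replaces `$_SESSION` and may terminate the request via `kill()`, so `init_rss` is no longer the side-effect-free lookup the removed query was; a header comment such as `// Authenticates the feed request as the token's owner: on success the session is populated (see XorgSession::tokenAuth), on failure the request exits unless $require_uid is false.` would keep that visible to callers. The body of `init_rss` continues past the hunk. Removing `_rss_encode_date` also drops the `rss_date` modifier registration, so any template still using `|rss_date` now depends on the bumped core submodule providing it — worth confirming, since it cannot be seen here.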
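Review bot: the replaced code stored `'forlife' => Env::v('user')` in the session and folded `nom_usage` into `nom` via `IF (nom_usage <> '', nom_usage, nom)`; the row that `tokenAuth` now installs in `$_SESSION` has `nom` and `nom_usage` as separate keys and no `forlife` at all, so wiki feed code that reads `S::v('forlife')` or expects the usage name in `nom` will behave differently — that needs checking outside this hunk. Whether `S::has_perms()` tests the same `admin` flag as the removed `hasFlag('admin')` cannot be verified from the page and deserves a one-line comment on that condition. The new `is_null($uid)` check duplicates `init_rss`'s own exit for the default `$require_uid = true`, which is harmless, and `$perm == 'logged'` would be safer as `$perm === 'logged'`. `wiki_apply_feed_perms` begins before the hunk.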