From 3eb46e633d522c7f07c767cdd857ed3aae10878b Mon Sep 17 00:00:00 2001
From: x2000habouzit <x2000habouzit>
Date: Thu, 2 Sep 2004 18:23:01 +0000
Subject: [PATCH] new login model... now the site is completely fucked up...
 coool :)))))

---
 htdocs/deconnexion.php                    |  4 ++--
 include/insert.password.inc.php           | 31 ++++++++++++++-------------
 include/xorg.session.inc.php              | 35 ++++++++++++++++---------------
 scripts/migration.sql                     |  1 +
 templates/password_prompt_logged.head.tpl |  4 ++--
 templates/password_prompt_logged.tpl      |  4 ++--
 6 files changed, 42 insertions(+), 37 deletions(-)

diff --git a/htdocs/deconnexion.php b/htdocs/deconnexion.php
index 7c8d066..417758b 100644
--- a/htdocs/deconnexion.php
+++ b/htdocs/deconnexion.php
@@ -18,7 +18,7 @@
  *  Foundation, Inc.,                                                      *
  *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
  ***************************************************************************
-        $Id: deconnexion.php,v 1.4 2004-08-31 10:03:28 x2000habouzit Exp $
+        $Id: deconnexion.php,v 1.5 2004-09-02 18:23:01 x2000habouzit Exp $
  ***************************************************************************/
 
 require("auto.prepend.inc.php");
@@ -32,7 +32,7 @@ if (isset($_SESSION['log'])) {
 }
 
 session_destroy();
-$has_cookie = (isset($_COOKIE['ORGaccess']) && isset($_COOKIE['ORGlogin']));
+$has_cookie = (isset($_COOKIE['ORGaccess']) && isset($_COOKIE['ORGuid']));
 $_SESSION = array();
 if($has_cookie)
     header("Location: login.php");
diff --git a/include/insert.password.inc.php b/include/insert.password.inc.php
index 056a35e..704fa4c 100644
--- a/include/insert.password.inc.php
+++ b/include/insert.password.inc.php
@@ -18,26 +18,29 @@
  *  Foundation, Inc.,                                                      *
  *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
  ***************************************************************************
-        $Id: insert.password.inc.php,v 1.2 2004-08-31 11:16:48 x2000habouzit Exp $
+        $Id: insert.password.inc.php,v 1.3 2004-09-02 18:23:02 x2000habouzit Exp $
  ***************************************************************************/
 
 function smarty_insert_getName() {
-    $pre = strtok($_COOKIE['ORGlogin'],".");
-    $pre1=strtok($pre,"-");
-    $pre2=strtok(" ");
-    $pre1=ucfirst($pre1);
-    $pre2=ucfirst($pre2);
-    if ($pre2) {
-        $prenom = $pre1."-".$pre2;
-    } else {
-        $prenom = $pre1;
+    global $globals;
+    if(empty($_COOKIE['ORGuid'])) return "";
+    $res = $globals->db->query("SELECT prenom FROM auth_user_md5 WHERE user_id='{$_COOKIE['ORGuid']}'");
+    if(list($prenom) = mysql_fetch_row($res)) {
+	mysql_free_result($res);
+	return $prenom;
     }
-    return $prenom;
+    return "";
 }
 
 function smarty_insert_getUsername() {
-    return isset($_SESSION['username'])
-        ? $_SESSION['username']
-        : (isset($_COOKIE['ORGlogin']) ? $_COOKIE['ORGlogin'] : "");
+    if(isset($_COOKIE['ORGuid'])) $id = $_COOKIE['ORGuid'];
+    if(isset($_SESSION['uid'])) $id = $_SESSION['uid'];
+    if(empty($id)) return "";
+    $res = $globals->db->query("SELECT alias FROM auth_user_md5 WHERE id='$id' AND type='a_vie'");
+    if(list($uname) = mysql_fetch_row($res)) {
+	mysql_free_result($res);
+	return $uname;
+    }
+    return "";
 }
 ?>
diff --git a/include/xorg.session.inc.php b/include/xorg.session.inc.php
index f1eeb11..ff51000 100644
--- a/include/xorg.session.inc.php
+++ b/include/xorg.session.inc.php
@@ -18,7 +18,7 @@
  *  Foundation, Inc.,                                                      *
  *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
  ***************************************************************************
-        $Id: xorg.session.inc.php,v 1.19 2004-08-31 11:16:48 x2000habouzit Exp $
+        $Id: xorg.session.inc.php,v 1.20 2004-09-02 18:23:02 x2000habouzit Exp $
  ***************************************************************************/
 
 require("diogenes.core.session.inc.php");
@@ -28,7 +28,7 @@ class XorgSession extends DiogenesCoreSession {
     function XorgSession()
     {
 	$this->DiogenesCoreSession();
-	if(empty($_SESSION['username']))
+	if(empty($_SESSION['uid']))
 	    try_cookie();
 	set_skin();
     }
@@ -48,9 +48,11 @@ class XorgSession extends DiogenesCoreSession {
 	{
 	    // si on vient de recevoir une identification par passwordpromptscreen.tpl
 	    // ou passwordpromptscreenlogged.tpl
-	    $res = @$globals->db->query( "SELECT username,user_id,password FROM auth_user_md5 WHERE username='{$_REQUEST['username']}'");
+	    $res = @$globals->db->query( "SELECT  u.user_id,u.password
+					    FROM  auth_user_md5 AS u
+         			      INNER JOIN  aliases       AS a ON ( a.id=u.user_id AND a.alias='{$_REQUEST['username']}' )");
 	    if(@mysql_num_rows($res) != 0) {
-		list($username,$uid,$password)=mysql_fetch_row($res);
+		list($uid,$password)=mysql_fetch_row($res);
 		mysql_free_result($res);
 		$expected_response=md5("{$_REQUEST['username']}:$password:{$_SESSION['session']->challenge}");
 		if($_REQUEST['response'] == $expected_response) {
@@ -58,7 +60,7 @@ class XorgSession extends DiogenesCoreSession {
 		    // on logge la réussite pour les gens avec cookie
 		    if(isset($_SESSION['log']))
 			$_SESSION['log']->log("auth_ok");
-		    start_connexion($username, $uid, true);
+		    start_connexion($uid, true);
 		    return true;
 		} else {
 		    // mot de passe incorrect pour le login existant
@@ -103,7 +105,7 @@ class XorgSession extends DiogenesCoreSession {
     /** Display login screen.
      */
     function doLogin(&$page, $new_name=false) {
-	if(isset($_COOKIE['ORGaccess']) and isset($_COOKIE['ORGlogin']) and !$new_name) {
+	if(isset($_COOKIE['ORGaccess']) and isset($_COOKIE['ORGuid']) and !$new_name) {
 	    $page->_tpl = 'password_prompt_logged.tpl';
 	    $page->assign("xorg_head", "password_prompt_logged.head.tpl");
 	    $page->assign("xorg_tpl", "password_prompt_logged.tpl");
@@ -139,7 +141,7 @@ function check_perms() {
     
 function has_perms($auth_array=array()) {
     return logged()
-	&& ( (!empty($auth_array) && in_array($_SESSION['username'], $auth_array))
+	&& ( (!empty($auth_array) && in_array($_SESSION['uid'], $auth_array))
 		|| ($_SESSION['perms']==PERMS_ADMIN) );
 }
 
@@ -171,16 +173,16 @@ function identified () {
  */
 function try_cookie() {
     global $globals;
-    if(!isset($_COOKIE['ORGaccess']) or $_COOKIE['ORGaccess'] == '' or !isset($_COOKIE['ORGlogin']))
+    if(!isset($_COOKIE['ORGaccess']) or $_COOKIE['ORGaccess'] == '' or !isset($_COOKIE['ORGuid']))
 	return -1;
 
-    $res = @$globals->db->query( "SELECT user_id,password FROM auth_user_md5 WHERE username='{$_COOKIE['ORGlogin']}'");
+    $res = @$globals->db->query( "SELECT user_id,password FROM auth_user_md5 WHERE user_id='{$_COOKIE['ORGuid']}'");
     if(@mysql_num_rows($res) != 0) {
 	list($uid,$password)=mysql_fetch_row($res);
 	mysql_free_result($res);
 	$expected_value=md5($password);
 	if($expected_value == $_COOKIE['ORGaccess']) {
-	    start_connexion($_COOKIE['ORGlogin'], $uid, false);
+	    start_connexion($_COOKIE['ORGuid'], $uid, false);
 	    return 0;
 	} else return 1;
     }
@@ -192,14 +194,14 @@ function try_cookie() {
  * @return void
  * @see controlpermanent.inc.php controlauthentication.inc.php
  */
-function start_connexion ($username, $uid, $identified) {
+function start_connexion ($uid, $identified) {
     global $globals;
     $result=$globals->db->query("SELECT  prenom, nom, perms, promo, matricule, UNIX_TIMESTAMP(s.start) AS lastlogin, s.host
 	    FROM  auth_user_md5   AS u
-	    LEFT JOIN  logger.sessions AS s ON(s.uid=u.user_id AND s.suid=0)
-	    WHERE  user_id=$uid
-	    ORDER BY  s.start DESC
-	    LIMIT  1");
+       LEFT JOIN  logger.sessions AS s ON(s.uid=u.user_id AND s.suid=0)
+	   WHERE  user_id=$uid
+        ORDER BY  s.start DESC
+           LIMIT  1");
     list($prenom, $nom, $perms, $promo, $matricule, $lastlogin, $host) = mysql_fetch_row($result);
     mysql_free_result($result);
     // on garde le logger si il existe (pour ne pas casser les sessions lors d'une
@@ -214,7 +216,6 @@ function start_connexion ($username, $uid, $identified) {
     $_SESSION['host'] = $host;
     $_SESSION['auth'] = ($identified ? AUTH_MDP : AUTH_COOKIE);
     $_SESSION['uid'] = $uid;
-    $_SESSION['username'] = $username;
     $_SESSION['prenom'] = $prenom;
     $_SESSION['nom'] = $nom;
     $_SESSION['perms'] = $perms;
@@ -227,7 +228,7 @@ function start_connexion ($username, $uid, $identified) {
     if(empty($logger))
 	$_SESSION['log']->log("connexion",$_SERVER['PHP_SELF']);
     // le login est stocké pour un an
-    setcookie('ORGlogin',$username,(time()+25920000),'/','',0);
+    setcookie('ORGuid',$uid,(time()+25920000),'/','',0);
     set_skin();
 }
 
diff --git a/scripts/migration.sql b/scripts/migration.sql
index 3ec396b..4dbe518 100644
--- a/scripts/migration.sql
+++ b/scripts/migration.sql
@@ -32,6 +32,7 @@ ALTER TABLE x4dat.auth_user_md5 DROP COLUMN epouse_soundex;
 INSERT INTO logger.actions SET text="connexion_auth_ext",description="connection via l'auth des groupes X";
 -- drop des anciens alias --> aliases
 --*-- ALTER TABLE x4dat.auth_user_md5 DROP COLUMN loginbis;
+--*-- ALTER TABLE x4dat.auth_user_md5 DROP COLUMN username;
 --*-- ALTER TABLE x4dat.auth_user_md5 DROP COLUMN alias;
 
 --------------------------------------------------------------------------------
diff --git a/templates/password_prompt_logged.head.tpl b/templates/password_prompt_logged.head.tpl
index 1048d10..b190da1 100644
--- a/templates/password_prompt_logged.head.tpl
+++ b/templates/password_prompt_logged.head.tpl
@@ -17,14 +17,14 @@
  *  Foundation, Inc.,                                                      *
  *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
  ***************************************************************************
-        $Id: password_prompt_logged.head.tpl,v 1.9 2004-08-31 11:25:39 x2000habouzit Exp $
+        $Id: password_prompt_logged.head.tpl,v 1.10 2004-09-02 18:23:02 x2000habouzit Exp $
  ***************************************************************************}
 
 
     <script src="{"javascript/md5.js"|url}" type="text/javascript"></script>
     <script type="text/javascript">//<![CDATA[
       function doChallengeResponse() {ldelim}
-        str = "{$smarty.cookies.ORGlogin}:" +
+        str = "{$smarty.cookies.ORGuid}:" +
         MD5(document.forms.login.password.value) + ":" +
         document.forms.loginsub.challenge.value;
 
diff --git a/templates/password_prompt_logged.tpl b/templates/password_prompt_logged.tpl
index 1bf2a3e..62d5893 100644
--- a/templates/password_prompt_logged.tpl
+++ b/templates/password_prompt_logged.tpl
@@ -17,7 +17,7 @@
  *  Foundation, Inc.,                                                      *
  *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
  ***************************************************************************
-        $Id: password_prompt_logged.tpl,v 1.14 2004-08-31 11:25:39 x2000habouzit Exp $
+        $Id: password_prompt_logged.tpl,v 1.15 2004-09-02 18:23:02 x2000habouzit Exp $
  ***************************************************************************}
 
 
@@ -72,7 +72,7 @@
 <form action="{$smarty.server.REQUEST_URI}" method="post" id="loginsub">
   <div>
     <input type="hidden" name="challenge" value="{$smarty.session.session->challenge}" />
-    <input type="hidden" name="username"  value="{$smarty.cookies.ORGlogin}" />
+    <input type="hidden" name="username"  value="{$smarty.cookies.ORGuid}" />
     <input type="hidden" name="response"  value="" />
   </div>
 </form>
-- 
2.1.4