From 63528107273f1f5de8a83428dbdd70e5f25d3d7f Mon Sep 17 00:00:00 2001 From: x2000habouzit Date: Wed, 19 Jul 2006 18:50:43 +0000 Subject: [PATCH] lot of various code simplifications, including removing useless settings, or sql queries, or delegations in auth methods. also guess $globals->baseurl as it's now trivial to do so. git-svn-id: svn+ssh://murphy/home/svn/platal/trunk@542 839d8a87-29fc-0310-9880-83ba4fa771e5 --- Makefile | 4 + classes/Platal.php | 16 +- .../VarStream.php | 13 +- classes/Xnet.php | 5 + hooks/skin.inc.php | 26 +--- include/contacts.pdf.inc.php | 4 +- include/platal/page.inc.php | 7 - include/validations/photos.inc.php | 24 +-- include/xnet.inc.php | 20 --- include/xnet/page.inc.php | 32 +--- include/xnet/session.inc.php | 11 +- include/xorg.inc.php | 15 +- include/xorg/session.inc.php | 169 ++++++++++----------- modules/platal.php | 9 +- 14 files changed, 138 insertions(+), 217 deletions(-) rename include/xorg.varstream.inc.php => classes/VarStream.php (97%) diff --git a/Makefile b/Makefile index dfdbb89..e8abfa6 100644 --- a/Makefile +++ b/Makefile @@ -18,6 +18,10 @@ all: build build: core banana wiki +q: + @echo -e "Code statistics\n" + @sloccount $(filter-out wiki/ spool/, $(wildcard */)) 2> /dev/null | egrep '^[a-z]*:' + %: %.in Makefile sed -e 's,@VERSION@,$(VERSION),g' $< > $@ diff --git a/classes/Platal.php b/classes/Platal.php index 056ae80..a052193 100644 --- a/classes/Platal.php +++ b/classes/Platal.php 
@@ -86,12 +86,26 @@ class Platal if ($hook['auth'] > S::v('auth', AUTH_PUBLIC)) { // FIXME: don't use 'session' object anymore - $_SESSION['session']->doAuth(); + if (!$_SESSION['session']->doAuth()) { + $this->force_login($page); + } } return call_user_func_array($hook['hook'], $args); } + function force_login(&$page) + { + if (S::logged() and !$new_name) { + $page->changeTpl('password_prompt_logged.tpl'); + $page->addJsLink('javascript/do_challenge_response_logged.js'); + } else { + $page->changeTpl('password_prompt.tpl'); + $page->addJsLink('javascript/do_challenge_response.js'); + } + $page->run(); + } + function run() { global $page; diff --git a/include/xorg.varstream.inc.php b/classes/VarStream.php similarity index 97% rename from include/xorg.varstream.inc.php rename to classes/VarStream.php index 89bbc4f..49c31f6 100644 --- a/include/xorg.varstream.inc.php +++ b/classes/VarStream.php @@ -19,12 +19,10 @@ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * ***************************************************************************/ -// {{{ class VarStream - class VarStream { // {{{ properties - + // Stream handler to read from global variables var $varname; var $position; @@ -51,7 +49,7 @@ class VarStream function stream_close() { } - + // }}} // {{{ stream_read @@ -75,7 +73,7 @@ class VarStream $GLOBALS[$this->varname] = substr_replace($GLOBALS[$this->varname], $data, $this->position, $len); $this->position += $len; } - + // }}} // {{{ stream_eof @@ -124,13 +122,10 @@ class VarStream function stream_flush() { } - + // }}} } -// }}} - stream_wrapper_register('var','VarStream'); -// vim:set et sw=4 sts=4 sws=4: ?> diff --git a/classes/Xnet.php b/classes/Xnet.php index f1e3b79..36f679e 100644 --- a/classes/Xnet.php +++ b/classes/Xnet.php @@ -48,6 +48,11 @@ class Xnet extends Platal } return $ans; } + + function force_login(&$page) + { + redirect(S::v('loginX')); + } } ?> diff --git a/hooks/skin.inc.php b/hooks/skin.inc.php index e3b28e3..60cfe06 100644 
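Review bot: `force_login()` tests `!$new_name`, but `$new_name` is not defined in this method; it was the parameter of the removed `XorgPage::doLogin($new_name = false)`, so the test is always true and the `password_prompt_logged.tpl` branch is taken whenever `S::logged()` holds. In the caller, execution continues to `call_user_func_array($hook['hook'], $args)` after `$this->force_login($page)` unless `$page->run()` (or `redirect()` in the `Xnet` override further down) terminates the request, which this hunk does not show. Writing `return $this->force_login($page);` at the call site, or an explicit `exit;` after `$page->run();`, keeps the protected hook from running for a request that failed `doAuth()`. The method containing the call site starts outside the hunk.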
--- a/hooks/skin.inc.php +++ b/hooks/skin.inc.php @@ -21,32 +21,10 @@ // {{{ config HOOK -// {{{ class SkinConfig - -class SkinConfig -{ - var $enable = 1; - var $def_id = 1; - var $def_tpl = 'default.tpl'; -} - -// }}} - -function skin_config() -{ - global $globals; - $globals->skin = new SkinConfig; -} - -// }}} -// {{{ prefs hook - function skin_prefs() { global $globals; - if (empty($globals->skin->enable)) { - return null; - } + return Array( Array( 'url' => 'skin', @@ -57,7 +35,5 @@ function skin_prefs() ); } -// }}} - // vim:set et sw=4 sts=4 sws=4 foldmethod=marker: ?> diff --git a/include/contacts.pdf.inc.php b/include/contacts.pdf.inc.php index e23bddd..7eaea17 100644 --- a/include/contacts.pdf.inc.php +++ b/include/contacts.pdf.inc.php @@ -20,8 +20,8 @@ ***************************************************************************/ define ('FPDF_FONTPATH', dirname(__FILE__).'/fonts/'); -require_once('/usr/share/fpdf/fpdf.php'); -require_once('xorg.varstream.inc.php'); +require_once '/usr/share/fpdf/fpdf.php'; +require_once dirname(__FILE__).'/../classes/VarStream.php'; class ContactsPDF extends FPDF { diff --git a/include/platal/page.inc.php b/include/platal/page.inc.php index ccc94d8..d37f4df 100644 --- a/include/platal/page.inc.php +++ b/include/platal/page.inc.php @@ -62,8 +62,6 @@ class PlatalPage extends Smarty $this->register_prefilter('at_to_globals'); $this->register_prefilter('trimwhitespace'); $this->addJsLink('javascript/xorg.js'); - - $this->doAuth(); } // }}} @@ -202,11 +200,6 @@ class PlatalPage extends Smarty } // }}} - // {{{ function doAuth() - - function doAuth() { } - - // }}} // {{{ function loadModule() function loadModule($modname) diff --git a/include/validations/photos.inc.php b/include/validations/photos.inc.php index 4becd18..efc6224 100644 --- a/include/validations/photos.inc.php +++ b/include/validations/photos.inc.php @@ -24,7 +24,7 @@ class PhotoReq extends Validate { // {{{ properties - + var $mimetype; var $data; var $x; 
@@ -32,24 +32,24 @@ class PhotoReq extends Validate var $unique = true; - var $rules = "Refuser les photos copyrightées, de mineurs, ou ayant - un caractère pornographique, violent, etc... Si une photo est mal - cadrée (20% de photo et 80% de blanc par exemple), si c'est un - camarade antique, on lui arrange sinon on lui - refuse en lui expliquant gentiment le problème. Idem si les dimensions de + var $rules = "Refuser les photos copyrightées, de mineurs, ou ayant + un caractère pornographique, violent, etc... Si une photo est mal + cadrée (20% de photo et 80% de blanc par exemple), si c'est un + camarade antique, on lui arrange sinon on lui + refuse en lui expliquant gentiment le problème. Idem si les dimensions de la photo sont archi trop grandes ou archi trop petites."; // }}} // {{{ constructor - + function PhotoReq($_uid, $_data, $_stamp=0) { global $page; $this->Validate($_uid, true, 'photo', $_stamp); - + // calcul de la taille de l'image - require_once('xorg.varstream.inc.php'); + require_once dirname(__FILE__).'/../../classes/VarStream.php'; $GLOBALS['photoreq'] = $_data; $image_infos = getimagesize('var://photoreq'); unset ($GLOBALS['photoreq']); @@ -100,7 +100,7 @@ class PhotoReq extends Validate } $this->data = $_data; } - + // }}} // {{{ function get_request() @@ -125,7 +125,7 @@ class PhotoReq extends Validate // }}} // {{{ function _mail_body - + function _mail_body($isok) { if ($isok) { @@ -137,7 +137,7 @@ class PhotoReq extends Validate // }}} // {{{ function commit() - + function commit() { XDB::execute('REPLACE INTO photo (uid, attachmime, attach, x, y) diff --git a/include/xnet.inc.php b/include/xnet.inc.php index 8978ab0..98275a3 100644 --- a/include/xnet.inc.php +++ b/include/xnet.inc.php @@ -50,7 +50,6 @@ function new_group_page($tpl_name) new_page($tpl_name); - $page->doAuth(true); if (!is_member() && !S::has_perms()) { $page->kill("You have not sufficient credentials"); } 
@@ -97,24 +96,5 @@ function new_admin_page($tpl_name) } // }}} -// {{{ function new_nonhtml_page() - -function new_nonhtml_page($tpl_name) -{ - global $page, $globals; - - new_page($tpl_name, NO_SKIN); - - $page->doAuth(true); - if (!is_member() && !S::has_perms()) { - $page->kill("You have not sufficient credentials"); - } - - $page->useMenu(); - $page->assign('asso', $globals->asso()); - $page->setType($globals->asso('cat')); -} - -// }}} // vim:set et sw=4 sts=4 sws=4 foldmethod=marker: ?> diff --git a/include/xnet/page.inc.php b/include/xnet/page.inc.php index cf3df33..744711a 100644 --- a/include/xnet/page.inc.php +++ b/include/xnet/page.inc.php @@ -22,8 +22,6 @@ require_once('platal/page.inc.php'); require_once('xnet/smarty.plugins.inc.php'); -// {{{ class XnetPage - class XnetPage extends PlatalPage { // {{{ function XnetPage() @@ -31,6 +29,14 @@ class XnetPage extends PlatalPage function XnetPage($tpl, $type=SKINNED) { $this->PlatalPage($tpl, $type); + + $this->register_function('list_all_my_groups', 'list_all_my_groups'); + $this->register_modifier('cat_pp', 'cat_pp'); + $this->assign('it_is_xnet', true); + + if (!S::logged() && Get::has('auth')) { + XnetSession::doAuthX(); + } } // }}} @@ -105,29 +111,7 @@ class XnetPage extends PlatalPage } // }}} - // {{{ function doAuth() - - function doAuth($force = false) - { - $this->register_function('list_all_my_groups', 'list_all_my_groups'); - $this->register_modifier('cat_pp', 'cat_pp'); - $this->assign('it_is_xnet', true); - if (!S::logged() && $force) { - XnetSession::doAuth(); - } - if (!S::logged() && Get::has('auth')) { - XnetSession::doAuthX(); - } - } - - // }}} - - function doLogin() - { - redirect(S::v('loginX')); - } } -// }}} // vim:set et sw=4 sts=4 sws=4 foldmethod=marker: ?> diff --git a/include/xnet/session.inc.php b/include/xnet/session.inc.php index c0b6d26..8dedafd 100644 --- a/include/xnet/session.inc.php +++ b/include/xnet/session.inc.php 
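Review bot: The `XnetPage` constructor carries over only the `Get::has('auth')` branch of the removed `doAuth($force)`; the `$force` branch that called `XnetSession::doAuth()` has no replacement here, and `new_group_page()` in include/xnet.inc.php loses its `$page->doAuth(true)` call in the same commit. Login for group pages now seems to rest entirely on the hook `auth` level checked in `Platal`, so an anonymous request reaching `new_group_page()` would go straight to the `is_member()` / `S::has_perms()` check. That fails closed, but the dependency is worth stating on the constructor, e.g. `// Login is enforced by the dispatcher through the hook's 'auth' level, not by the page.` `XnetSession::doAuthX()` is now also a side effect of constructing any `XnetPage`, which callers may not expect.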
@@ -70,11 +70,9 @@ class XnetSession if (Get::has('auth')) { return XnetSession::doAuthX(); - } else { - global $page; - - $page->doLogin(); } + + return false; } // }}} @@ -105,11 +103,14 @@ class XnetSession $args = array(); $path = Get::get('p'); Get::kill('p'); + Get::kill('PHPSESSID'); foreach($_GET as $key => $val) { $args[] = urlencode($key).'='.urlencode($val); } - redirect($globals->baseurl . '/' . $path . '?' . join('&', $args)); + + redirect($globals->baseurl . '/' . $path + . rtrim('?' . join('&', $args), '?')); } // }}} diff --git a/include/xorg.inc.php b/include/xorg.inc.php index 3b9519c..8c121dc 100644 --- a/include/xorg.inc.php +++ b/include/xorg.inc.php @@ -42,20 +42,7 @@ class XorgPage extends PlatalPage if ($this->_page_type != NO_SKIN) { $this->assign('menu', $globals->menu->menu()); } - $this->_run('skin/'.S::v('skin')); - } - - function doLogin($new_name = false) - { - global $page; - if (S::logged() and !$new_name) { - $page->changeTpl('password_prompt_logged.tpl'); - $page->addJsLink('javascript/do_challenge_response_logged.js'); - } else { - $page->changeTpl('password_prompt.tpl'); - $page->addJsLink('javascript/do_challenge_response.js'); - } - $page->run(); + $this->_run('skin/'.S::v('skin', 'default.tpl')); } } diff --git a/include/xorg/session.inc.php b/include/xorg/session.inc.php index 96382fe..df30806 100644 --- a/include/xorg/session.inc.php +++ b/include/xorg/session.inc.php @@ -32,7 +32,6 @@ class XorgSession if (!S::has('uid')) { try_cookie(); } - set_skin(); $_SESSION['session'] = new XorgSession; } @@ -47,10 +46,6 @@ class XorgSession // }}} // {{{ function doAuth() - /** Try to do an authentication. - * - * @param page the calling page (by reference) - */ function doAuth($new_name = false) { global $globals; 
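Review bot: In the second include/xnet/session.inc.php hunk the redirect target appends `Get::get('p')` unencoded after `$globals->baseurl . '/'`, while every other GET parameter goes through `urlencode()`; `$path` should be checked against the expected path characters (and rejected if it contains CR/LF) before it reaches `redirect()`. `urlencode($val)` also assumes scalar values, so an array-valued query parameter is not handled in the `foreach`. The commit message says `$globals->baseurl` is now guessed; that code is not on this page, but if the guess is taken from the request's Host header this post-authentication redirect inherits a client-supplied origin, and a configured value or allow-list would be safer. The enclosing method starts outside the hunk.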
@@ -58,88 +53,90 @@ class XorgSession return true; } - if (Env::has('username') && Env::has('response') && S::has('challenge')) - { - // si on vient de recevoir une identification par passwordpromptscreen.tpl - // ou passwordpromptscreenlogged.tpl - $uname = Env::get('username'); - - if (Env::get('domain') == "alias") { - - $res = XDB::query( - "SELECT redirect - FROM virtual - INNER JOIN virtual_redirect USING(vid) - WHERE alias LIKE {?}", $uname."@".$globals->mail->alias_dom); - $redirect = $res->fetchOneCell(); - if ($redirect) { - $login = substr($redirect, 0, strpos($redirect, '@')); - } else { - $login = ""; - } + if (!Env::has('username') || !Env::has('response') + || !S::has('challenge')) + { + return false; + } + + // si on vient de recevoir une identification par passwordpromptscreen.tpl + // ou passwordpromptscreenlogged.tpl + $uname = Env::get('username'); + + if (Env::get('domain') == "alias") { + + $res = XDB::query( + "SELECT redirect + FROM virtual + INNER JOIN virtual_redirect USING(vid) + WHERE alias LIKE {?}", $uname."@".$globals->mail->alias_dom); + $redirect = $res->fetchOneCell(); + if ($redirect) { + $login = substr($redirect, 0, strpos($redirect, '@')); } else { - $login = $uname; + $login = ""; } + } else { + $login = $uname; + } - $field = (!$redirect && preg_match('/^\d*$/', $uname)) ? 
'id' : 'alias'; - $res = XDB::query( - "SELECT u.user_id, u.password - FROM auth_user_md5 AS u - INNER JOIN aliases AS a ON ( a.id=u.user_id AND type!='homonyme' ) - WHERE a.$field = {?} AND u.perms IN('admin','user')", $login); - - $logger =& S::v('log'); - if (list($uid, $password) = $res->fetchOneRow()) { - require_once('secure_hash.inc.php'); - $expected_response=hash_encrypt("$uname:$password:".S::v('challenge')); - // le password de la base est peut-être encore encodé en md5 - if (Env::get('response') != $expected_response) { - $new_password = hash_xor(Env::get('xorpass'), $password); - $expected_response = hash_encrypt("$uname:$new_password:".S::v('challenge')); - if (Env::get('response') == $expected_response) { - XDB::execute("UPDATE auth_user_md5 SET password = {?} WHERE user_id = {?}", $new_password, $uid); - } - } - if (Env::get('response') == $expected_response) { - if (Env::has('domain')) { - if (($domain = Env::get('domain', 'login')) == 'alias') { - setcookie('ORGdomain', "alias", (time()+25920000), '/', '', 0); - } else { - setcookie('ORGdomain', '', (time()-3600), '/', '', 0); - } - // pour que la modification soit effective dans le reste de la page - $_COOKIE['ORGdomain'] = $domain; + $field = (!$redirect && preg_match('/^\d*$/', $uname)) ? 
'id' : 'alias'; + $res = XDB::query( + "SELECT u.user_id, u.password + FROM auth_user_md5 AS u + INNER JOIN aliases AS a ON ( a.id=u.user_id AND type!='homonyme' ) + WHERE a.$field = {?} AND u.perms IN('admin','user')", $login); + + $logger =& S::v('log'); + if (list($uid, $password) = $res->fetchOneRow()) { + require_once('secure_hash.inc.php'); + $expected_response=hash_encrypt("$uname:$password:".S::v('challenge')); + // le password de la base est peut-être encore encodé en md5 + if (Env::get('response') != $expected_response) { + $new_password = hash_xor(Env::get('xorpass'), $password); + $expected_response = hash_encrypt("$uname:$new_password:".S::v('challenge')); + if (Env::get('response') == $expected_response) { + XDB::execute("UPDATE auth_user_md5 SET password = {?} WHERE user_id = {?}", $new_password, $uid); + } + } + if (Env::get('response') == $expected_response) { + if (Env::has('domain')) { + if (($domain = Env::get('domain', 'login')) == 'alias') { + setcookie('ORGdomain', "alias", (time()+25920000), '/', '', 0); + } else { + setcookie('ORGdomain', '', (time()-3600), '/', '', 0); } + // pour que la modification soit effective dans le reste de la page + $_COOKIE['ORGdomain'] = $domain; + } - S::kill('challenge'); + S::kill('challenge'); + if ($logger) { + $logger->log('auth_ok'); + } + start_connexion($uid, true); + if (Env::get('remember', 'false') == 'true') { + $cookie = hash_encrypt(S::v('password')); + setcookie('ORGaccess',$cookie,(time()+25920000),'/','',0); if ($logger) { - $logger->log('auth_ok'); + $logger->log("cookie_on"); } - start_connexion($uid, true); - if (Env::get('remember', 'false') == 'true') { - $cookie = hash_encrypt(S::v('password')); - setcookie('ORGaccess',$cookie,(time()+25920000),'/','',0); - if ($logger) { - $logger->log("cookie_on"); - } - } else { - setcookie('ORGaccess', '', time() - 3600, '/', '', 0); + } else { + setcookie('ORGaccess', '', time() - 3600, '/', '', 0); - if ($logger) { - $logger->log("cookie_off"); - } 
+ if ($logger) { + $logger->log("cookie_off"); } - return true; - } elseif ($logger) { - $logger->log('auth_fail','bad password'); } - } elseif ($logger) { - $logger->log('auth_fail','bad login'); + return true; + } elseif ($logger) { + $logger->log('auth_fail','bad password'); } - } + } elseif ($logger) { + $logger->log('auth_fail','bad login'); + } - global $page; - $page->doLogin($new_name); + return false; } // }}} @@ -241,31 +238,21 @@ function start_connexion ($uid, $identified) } // }}} -// {{{ function set_skin() function set_skin() { global $globals; - if (S::logged() && $globals->skin->enable) { + if (S::logged() && !S::has('skin')) { $uid = S::v('uid'); - $res = XDB::query("SELECT skin,skin_tpl - FROM auth_user_quick AS a - INNER JOIN skins AS s ON a.skin=s.id - WHERE user_id = {?} AND skin_tpl != ''", $uid); - if (list($_SESSION['skin_id'], $_SESSION['skin']) = $res->fetchOneRow()) { + $res = XDB::query("SELECT skin_tpl + FROM auth_user_quick AS a + INNER JOIN skins AS s ON a.skin = s.id + WHERE user_id = {?} AND skin_tpl != ''", $uid); + if ($_SESSION['skin'] = $res->fetchOneCell()) { return; } } - if ($globals->skin->enable) { - $_SESSION['skin'] = $globals->skin->def_tpl; - $_SESSION['skin_id'] = $globals->skin->def_id; - } else { - $_SESSION['skin'] = 'default.tpl'; - $_SESSION['skin_id'] = -1; - } } -// }}} - // vim:set et sw=4 sts=4 sws=4 foldmethod=marker: ?> diff --git a/modules/platal.php b/modules/platal.php index 646656f..b8ed76b 100644 --- a/modules/platal.php +++ b/modules/platal.php 
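Review bot: The challenge-response check in `doAuth()` compares `Env::get('response')` with `$expected_response` using loose `!=` / `==`, which lets PHP compare numeric-looking strings by value and is not constant-time; `===` is the minimum, and `hash_equals($expected_response, (string) Env::get('response'))` where the runtime provides it. The alias lookup binds the submitted username into `WHERE alias LIKE {?}`, so `%` and `_` in the input act as wildcards where `alias = {?}` looks intended. `$redirect` is assigned only in the `alias` branch but read in the `$field` expression on every login, and should be initialised (`$redirect = null;`) before the branch. The `ORGaccess` and `ORGdomain` cookies are set with the secure argument at `0`, and `ORGaccess` carries `hash_encrypt(S::v('password'))`, a value derived from the session's password field rather than a random, revocable token. `doAuth()` begins in the previous hunk and closes after this one.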
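Review bot: With the new guard `S::logged() && !S::has('skin')`, `set_skin()` does nothing once the session already holds a skin, yet the skins handler in modules/platal.php (last hunk of this patch) still calls `set_skin()` right after the `UPDATE` to pick up the new choice. Unless `S::has('skin')` is false at that point, the page keeps rendering with the old value until the session is rebuilt; `S::kill('skin');` before `set_skin();` in that handler would refresh it. `global $globals;` is no longer used in the function and can be dropped. The `XorgSession` init hunk earlier in this file also removes its `set_skin()` call, so where the saved skin is first loaded after login is not visible in this patch.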
@@ -322,18 +322,13 @@ Mail envoy { global $globals; - if (!$globals->skin->enable) { - redirect('./'); - } - $page->changeTpl('skins.tpl'); $page->assign('xorg_title','Polytechnique.org - Skins'); if (Env::has('newskin')) { // formulaire soumis, traitons les données envoyées XDB::execute('UPDATE auth_user_quick - SET skin={?} WHERE user_id={?}', - Env::getInt('newskin'), - S::v('uid')); + SET skin={?} WHERE user_id={?}', + Env::getInt('newskin'), S::v('uid')); set_skin(); } -- 2.1.4