From 670b0ac0977d685aa05ba490bef58fd2995bcffb Mon Sep 17 00:00:00 2001 From: x2003bruneau Date: Tue, 27 Mar 2007 17:35:35 +0000 Subject: [PATCH] New groupex authentication handler which allows to choose the charset of returned data git-svn-id: svn+ssh://murphy/home/svn/platal/trunk@1623 839d8a87-29fc-0310-9880-83ba4fa771e5 --- classes/corelogger.php | 2 +- modules/auth.php | 21 +++++++++---- modules/auth/auth.inc.php | 76 +++++++++++++++++++++++------------------------ 3 files changed, 54 insertions(+), 45 deletions(-) diff --git a/classes/corelogger.php b/classes/corelogger.php index 58085ab..e5784c6 100644 --- a/classes/corelogger.php +++ b/classes/corelogger.php @@ -22,7 +22,7 @@ class CoreLogger { /** user id */ - private $uid; + public $uid; /** id of the session */ private $session; /** list of available actions */ diff --git a/modules/auth.php b/modules/auth.php index 20098cb..70c7e00 100644 --- a/modules/auth.php +++ b/modules/auth.php @@ -33,7 +33,8 @@ class AuthModule extends PLModule => $this->make_hook('manageurs', AUTH_PUBLIC), 'auth-redirect.php' => $this->make_hook('redirect', AUTH_COOKIE), - 'auth-groupex.php' => $this->make_hook('groupex', AUTH_COOKIE), + 'auth-groupex.php' => $this->make_hook('groupex_old', AUTH_COOKIE), + 'auth-groupex' => $this->make_hook('groupex', AUTH_COOKIE), 'admin/auth-groupes-x' => $this->make_hook('admin_authgroupesx', AUTH_MDP, 'admin'), ); } @@ -124,7 +125,12 @@ class AuthModule extends PLModule http_redirect(Env::v('dest', '/')); } - function handler_groupex(&$page) + function handler_groupex_old(&$page) + { + return $this->handler_groupex($page, 'iso-8859-1'); + } + + function handler_groupex(&$page, $charset = 'utf8') { require_once dirname(__FILE__).'/auth/auth.inc.php'; $page->assign('referer', true); @@ -138,8 +144,9 @@ class AuthModule extends PLModule } /* a-t-on besoin d'ajouter le http:// ? */ - if (!preg_match("/^(http|https):\/\/.*/",$gpex_url)) + if (!preg_match("/^(http|https):\/\/.*/",$gpex_url)) { $gpex_url = "http://$gpex_url"; + } $gpex_challenge = $_GET["challenge"]; // mise à jour de l'heure et de la machine de dernier login sauf quand on est en suid @@ -151,11 +158,11 @@ class AuthModule extends PLModule } /* on parcourt les entrees de groupes_auth */ - $res = XDB::iterRow('select privkey,name,datafields from groupesx_auth'); + $res = XDB::iterRow('SELECT privkey, name, datafields FROM groupesx_auth'); while (list($privkey,$name,$datafields) = $res->next()) { if (md5($gpex_challenge.$privkey) == $gpex_pass) { - $returl = $gpex_url.gpex_make_params($gpex_challenge,$privkey,$datafields); + $returl = $gpex_url . gpex_make_params($gpex_challenge, $privkey, $datafields, $charset); http_redirect($returl); } } @@ -163,7 +170,9 @@ class AuthModule extends PLModule /* si on n'a pas trouvé, on renvoit sur x.org */ http_redirect('https://www.polytechnique.org/'); } - function handler_admin_authgroupesx(&$page, $action = 'list', $id = null) { + + function handler_admin_authgroupesx(&$page, $action = 'list', $id = null) + { $page->assign('xorg_title','Polytechnique.org - Administration - Auth groupes X'); $page->assign('title', 'Gestion de l\'authentification centralisée'); $table_editor = new PLTableEditor('admin/auth-groupes-x','groupesx_auth','id'); diff --git a/modules/auth/auth.inc.php b/modules/auth/auth.inc.php index 804c527..e8502a7 100644 --- a/modules/auth/auth.inc.php +++ b/modules/auth/auth.inc.php @@ -19,64 +19,64 @@ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * ***************************************************************************/ -function gpex_make($chlg, $privkey, $datafields) +function gpex_prepare_param($name, $val, &$to_hash, $charset) +{ + $val = iconv('UTF-8', $charset, $val); + $to_hash .= $val; + return '&' . $name . '=' . $val; +} + +function gpex_make($chlg, $privkey, $datafields, $charset) { $tohash = "1$chlg$privkey"; $params = ""; - $fieldarr = explode(",",$datafields); + $fieldarr = explode(',', $datafields); - $res = XDB::query("SELECT matricule, matricule_ax, promo, - promo_sortie, flags, deces, nom, - prenom, nationalite, section, - naissance - FROM auth_user_md5 WHERE user_id = {?}", - S::v('uid')); + $res = XDB::query("SELECT matricule, matricule_ax, promo, + promo_sortie, flags, deces, nom, + prenom, nationalite, section, + naissance + FROM auth_user_md5 WHERE user_id = {?}", + S::v('uid')); $personnal_data = $res->fetchOneAssoc(); foreach ($fieldarr as $val) { /* on verifie qu'on n'a pas demandé une variable inexistante ! */ if (S::has($val)) { - $tohash .= S::v($val); - $params .= "&$val=".S::v($val); + $params .= gpex_prepare_param($val, S::v($val), $tohash, $charset); } else if (isset($personnal_data[$val])) { - $tohash .= $personnal_data[$val]; - $params .= "&$val=".$personnal_data[$val]; + $params .= gpex_prepare_param($val, $personnal_data[$val], $tohash, $charset); } else if ($val == 'username') { - $res = XDB::query("SELECT alias FROM aliases - WHERE id = {?} AND FIND_IN_SET('bestalias', flags)", - S::v('uid')); + $res = XDB::query("SELECT alias FROM aliases + WHERE id = {?} AND FIND_IN_SET('bestalias', flags)", + S::v('uid')); $min_username = $res->fetchOneCell(); - $tohash .= $min_username; - $params .= "&$val=".$min_username; + $params .= gpex_prepare_param($val, $min_username, $tohash, $charset); } else if ($val == 'grpauth') { - if (isset($_GET['group'])) { - $res = XDB::query("SELECT perms FROM groupex.membres - INNER JOIN groupex.asso ON(id = asso_id) - WHERE uid = {?} AND diminutif = {?}", S::v('uid'), $_GET['group']); - $perms = $res->fetchOneCell(); - } else { - // if no group asked, return main rights - $perms = Session::has_perms()?'admin':'membre'; - } - $tohash .= $perms; - $params .= "&$val=".$perms; + if (isset($_GET['group'])) { + $res = XDB::query("SELECT perms + FROM groupex.membres + INNER JOIN groupex.asso ON(id = asso_id) + WHERE uid = {?} AND diminutif = {?}", + S::v('uid'), $_GET['group']); + $perms = $res->fetchOneCell(); + } else { + // if no group asked, return main rights + $perms = Session::has_perms()?'admin':'membre'; + } + $params .= gpex_prepare_param($val, $perms, $tohash, $charset); } } $tohash .= "1"; $auth = md5($tohash); - return array($auth, "&auth=".$auth.$params); -} - -/* cree le champs "auth" renvoye au Groupe X */ -function gpex_make_auth($chlg, $privkey, $datafields) { - list ($auth, $param) = gpex_make($chlg, $privkey, $datafields); - return $auth; + return array($auth, "&auth=" . $auth . $params); } /* cree les parametres de l'URL de retour avec les champs demandes */ -function gpex_make_params($chlg, $privkey, $datafields) { - list ($auth, $param) = gpex_make($chlg, $privkey, $datafields); - return $param; +function gpex_make_params($chlg, $privkey, $datafields, $charset) +{ + list ($auth, $param) = gpex_make($chlg, $privkey, $datafields, $charset); + return $param; } // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8: -- 2.1.4